[Greylist-users] RE: qmail-envelope-scanner by Martin Dempsey

Jeremy Kusnetz JKusnetz at nrtc.org
Fri Jan 30 11:42:44 PST 2004


Okay, I think I got things working as expected.  I had to piece together patches I found in different places.  This patch seems to add all new triplets to the database and temp fail them, while allowing whitelisted triplets through all in one email with multiple rcpt tos.  It also should always fail open if it can't run qmail-envelope-scanner, or it returns errors, that way we still are accepting mail:

--- qmail-smtpd.c       Mon Jun 15 10:53:16 1998
+++ qmail-smtpd.c.greylist      Fri Jan 30 19:38:33 2004
@@ -19,6 +19,8 @@
 #include "env.h"
 #include "now.h"
 #include "exit.h"
+#include "fork.h"
+#include "wait.h"
 #include "rcpthosts.h"
 #include "timeoutread.h"
 #include "timeoutwrite.h"
@@ -49,6 +51,8 @@
 void die_ipme() { out("421 unable to figure out my IP addresses (#4.3.0)\r\n"); flush(); _exit(1); }
 void straynewline() { out("451 See http://pobox.com/~djb/docs/smtplf.html.\r\n"); flush(); _exit(1); }

+void err_tempfail() { out("421 temporary envelope failure (#4.3.0)\r\n"); }
+void err_permfail() { out("553 sorry, permanent envelope failure (#5.7.1)\r\n"); }
 void err_bmf() { out("553 sorry, your envelope sender is in my badmailfrom list (#5.7.1)\r\n"); }
 void err_nogateway() { out("553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)\r\n"); }
 void err_unimpl() { out("502 unimplemented (#5.5.1)\r\n"); }
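Review bot: err_tempfail() answers with 421, which SMTP defines as "service not available, closing transmission channel", yet the caller just returns from the RCPT handler and keeps the session open. A sending MTA may treat 421 as a cue to drop the connection, and that would defeat the goal of letting the remaining recipients be checked in the same session. A 451 reply is the conventional per-recipient temporary failure and fits how the function is used here.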
@@ -222,6 +226,37 @@
 stralloc mailfrom = {0};
 stralloc rcptto = {0};

+int envelope_scanner()
+{
+  int child;
+  int wstat;
+  char *envelope_scannerarg[] = { "bin/qmail-envelope-scanner", mailfrom.s, addr.s, 0 };
+
+  switch(child = vfork()) {
+    case -1:
+      return 1;
+    case 0:
+      execv(*envelope_scannerarg,envelope_scannerarg);
+      _exit(111);
+  }
+
+  wait_pid(&wstat,child);
+  if (wait_crashed(wstat)) {
+    return 1;
+  }
+
+  switch(wait_exitcode(wstat)) {
+    case 101:
+      err_tempfail();
+      return 0;
+    case 100:
+      err_permfail();
+      return 0;
+    default:
+      return 1;
+  }
+}
+
 void smtp_helo(arg) char *arg;
 {
   smtp_greet("250 "); out("\r\n");
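Review bot: The return value of wait_pid(&wstat,child) in envelope_scanner() is ignored and wstat is never initialised, so if the wait fails, wait_crashed() and wait_exitcode() read an indeterminate value and the result could be a spurious 100 or 101 rather than the intended fail-open. Check for a -1 return and return 1 in that case. Also note that mailfrom.s and addr.s come straight from the remote client and are passed as argv[1] and argv[2]; execv avoids any shell, but the scanner still has to treat them as untrusted (for example an address beginning with "-"). Since exit 111 and every other unknown code fall into the default accept path, logging those cases would make a silently broken scanner visible.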
@@ -256,8 +291,10 @@
     if (!stralloc_cats(&addr,relayclient)) die_nomem();
     if (!stralloc_0(&addr)) die_nomem();
   }
-  else
+  else {
     if (!addrallowed()) { err_nogateway(); return; }
+    if (!envelope_scanner()) return;
+  }
   if (!stralloc_cats(&rcptto,"T")) die_nomem();
   if (!stralloc_cats(&rcptto,addr.s)) die_nomem();
   if (!stralloc_0(&rcptto)) die_nomem();
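Review bot: envelope_scanner() is only reached in the new else block, so any connection with relayclient set skips the scanner entirely; a short comment stating that this is intentional would help the next reader. It is also worth noting in the same comment that a 0 return means the SMTP reply has already been written by err_tempfail() or err_permfail(), which is why the bare return sends nothing itself.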

> -----Original Message-----
> From: Jeremy Kusnetz 
> Sent: Friday, January 30, 2004 11:47 AM
> To: Jeremy Kusnetz; 'greylist-users at lists.puremagic.com'
> Cc: 'mjd at digitaleveryware.com'; 'tarcieri at atmos.colostate.edu'
> Subject: RE: qmail-envelope-scanner by Martin Dempsey
> 
> 
> I figured out what is happening, but now I'm not sure what 
> the correct thing to do is.
> 
> With the qmail patch, it calls the qmail-envelope-scanner 
> program for each rcpt-to.  The qmail-envelope-scanner program 
> does its thing and exits with a return code depending on 
> what it did.  If it saw the triplet for the first time it 
> would add it to the database and exit with a tempfail return 
> code, which would then cause qmail to die with a tempfail 
> error.  The reason why I was only seeing the first 
> rcpt-to is qmail would die right after seeing the first one 
> and tempfailing.
> 
> So I changed the qmail patch to keep track of all the 
> rcpt-tos, and if any of them are a tempfail, then send the 
> temp fail right after data.  This allows 
> qmail-envelope-scanner to add entries for all new triplets.
> 
> The problem with this though is if any of the triplets are 
> whitelisted and should go through, it just takes one of them 
> to tempfail the entire smtp session and those whitelisted 
> people won't get their email.
> 
> How does the sendmail milter handle this?
> 
> > -----Original Message-----
> > From: Jeremy Kusnetz 
> > Sent: Friday, January 30, 2004 9:14 AM
> > To: 'greylist-users at lists.puremagic.com'
> > Cc: 'mjd at digitaleveryware.com'
> > Subject: qmail-envelope-scanner by Martin Dempsey
> > 
> > 
> > I am just starting to play around with greylisting and I have 
> > Martin's qmail-envelope-scanner working with my qmail 
> > installation in development.
> > 
> > One thing I noticed is when an email goes to multiple 
> > recipients, only the first recipient gets added to the 
> > database.  Should there be one triplet entry for each 
> > recipient, instead of just the first?
> > 
> 
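
The per-recipient behaviour this thread arrives at, modelled as an added C example (not code from the post or from qmail-envelope-scanner): every RCPT TO is checked and answered on its own, so new triplets are recorded and deferred while already-passed triplets in the same session are accepted. The function names, the in-memory table, the 300-second delay and the use of 0 as the "accept" code are assumptions; 101 is the tempfail exit code the patch checks.

```c
#include <stdio.h>
#include <string.h>

/* 101 is the tempfail exit code the patch checks; 0 for "accept" is an assumption. */
enum { SCAN_OK = 0, SCAN_TEMP = 101 };
#define GREY_DELAY 300    /* seconds a new triplet must wait (constructed value) */
#define MAX_TRIPLETS 64

struct triplet { char key[256]; long first_seen; };
static struct triplet db[MAX_TRIPLETS];
static int ndb;

/* Hypothetical stand-in for the scanner's database lookup on one (ip, sender, rcpt) triplet. */
int scan_triplet(const char *ip, const char *from, const char *rcpt, long now)
{
  char key[256];
  int i, n = snprintf(key, sizeof key, "%s|%s|%s", ip, from, rcpt);
  if (n < 0 || (size_t)n >= sizeof key) return SCAN_TEMP; /* never truncate into another triplet's key */
  for (i = 0; i < ndb; i++)
    if (strcmp(db[i].key, key) == 0)
      return (now - db[i].first_seen >= GREY_DELAY) ? SCAN_OK : SCAN_TEMP;
  if (ndb == MAX_TRIPLETS) return SCAN_OK;                /* table full: fail open, keep accepting mail */
  strcpy(db[ndb].key, key);                               /* first sighting: record it, then defer */
  db[ndb++].first_seen = now;
  return SCAN_TEMP;
}

/* One SMTP session: each RCPT TO gets its own reply; returns how many were accepted. */
int run_session(const char *ip, const char *from, const char **rcpts, int n, long now)
{
  int i, accepted = 0;
  for (i = 0; i < n; i++) {
    if (scan_triplet(ip, from, rcpts[i], now) == SCAN_TEMP)
      printf("RCPT <%s>: 4xx temporary failure\n", rcpts[i]);
    else { printf("RCPT <%s>: 250 ok\n", rcpts[i]); accepted++; }
  }
  return accepted;
}

int main(void)
{
  const char *first[] = { "a@example.org" };                  /* constructed addresses */
  const char *both[]  = { "a@example.org", "b@example.org" };
  run_session("192.0.2.1", "s@example.net", first, 1, 0);     /* a is new: deferred */
  run_session("192.0.2.1", "s@example.net", both, 2, 600);    /* a passes, b is new */
  run_session("192.0.2.1", "s@example.net", both, 2, 1200);   /* both pass */
  return 0;
}
```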

